You'll want to post more than just the file list. You should dig up the report indicating what was found in those files, or rescan them.

> ...and if they are how do I return them to their original file name > and location? > EXCEL.EXE.infected > EXCEL.EXE.infected.000.infected

It appears the infected files are being renamed (they may have been moved and/or permissions altered as well). As far as I know, that isn't something the official win32 port of ClamAV does, so you are likely using a third party port of ClamAV and/or some other tool that incorporates ClamAV. The organization that produced the software ought to be able to tell you how to reverse the quarantine process.

Re: How do I return these files to their original names and folders
[In reply to]

Hi, Thanks for responding.

I've found most of these same files on my laptop. They are located in :WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\, and in: WINDOWS\Installer\7f0ae4.msp, and in: \System Volume Information\_restore{5C52C924-5405-4741-90F9-29F5110BD59C}

Installer (as are the others) is a hidden file, I found it and opened it with "Everything" search on my laptop. Windows search will not locate the file. Each of the files in quarantine on my desktop is located on my laptop as well (less the ".infected" addition.) So I am pretty certain they are not viruses or trojans. I can also find the path and the folder on the laptop but am unable to get the hidden folders on my desktop to open. Even when I clik "show hidden folders" the Installer and $patchcache$ folders are not shown. I downloaded my version of Clamwin from the Clamwin website. It ran fine until the April 27 (approx) update. I run Windows firewall, Sygate personal firewall, spyware blaster, ccleaner, advanced systems care, AVG free and Clamwin antivirus. I have had this combination for several years now. On Fri, May 1, 2009 at 3:58 PM, Tom Metro <tmetro+clamwin32 [at] gmail<tmetro%2Bclamwin32 [at] gmail> > wrote:

> J.W. Michels wrote: > > After a recent virus scan (Clamwin) I discovered that several programs > were > > no longer working properly. > > I need to know if these are "false positives" > > The main ClamAV-users list is a better place to ask that. > > http://www.clamav.net/support/ml> > You'll want to post more than just the file list. You should dig up the > report indicating what was found in those files, or rescan them. > > > > ...and if they are how do I return them to their original file name > > and location? > > EXCEL.EXE.infected > > EXCEL.EXE.infected.000.infected > > It appears the infected files are being renamed (they may have been > moved and/or permissions altered as well). As far as I know, that isn't > something the official win32 port of ClamAV does, so you are likely > using a third party port of ClamAV and/or some other tool that > incorporates ClamAV. The organization that produced the software ought > to be able to tell you how to reverse the quarantine process. > > -Tom > > -- > Tom Metro > Venture Logic, Newton, MA, USA > "Enterprise solutions through open source." > Professional Profile: http://tmetro.venturelogic.com/> _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32>

-- This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete all copies